better-auth 0.8.3-beta.4 → 0.8.3-beta.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (57) hide show
  1. package/dist/adapters/drizzle.d.cts +1 -1
  2. package/dist/adapters/drizzle.d.ts +1 -1
  3. package/dist/adapters/kysely.d.cts +1 -1
  4. package/dist/adapters/kysely.d.ts +1 -1
  5. package/dist/adapters/memory.d.cts +1 -1
  6. package/dist/adapters/memory.d.ts +1 -1
  7. package/dist/adapters/mongodb.d.cts +1 -1
  8. package/dist/adapters/mongodb.d.ts +1 -1
  9. package/dist/adapters/prisma.d.cts +1 -1
  10. package/dist/adapters/prisma.d.ts +1 -1
  11. package/dist/api.cjs +4 -4
  12. package/dist/api.d.cts +1 -1
  13. package/dist/api.d.ts +1 -1
  14. package/dist/api.js +5 -5
  15. package/dist/{auth-miD4FiAv.d.ts → auth-_P8zgt6G.d.ts} +92 -86
  16. package/dist/{auth-rfAcL_Rw.d.cts → auth-vyyMQkHj.d.cts} +92 -86
  17. package/dist/client/plugins.d.cts +6 -6
  18. package/dist/client/plugins.d.ts +6 -6
  19. package/dist/client.d.cts +1 -1
  20. package/dist/client.d.ts +1 -1
  21. package/dist/cookies.d.cts +1 -1
  22. package/dist/cookies.d.ts +1 -1
  23. package/dist/db.d.cts +2 -2
  24. package/dist/db.d.ts +2 -2
  25. package/dist/{index-DbSanUJ5.d.ts → index-BBge93OF.d.ts} +35 -44
  26. package/dist/{index-v9In9L_y.d.cts → index-fu78ZsL-.d.cts} +35 -44
  27. package/dist/index.cjs +4 -4
  28. package/dist/index.d.cts +2 -2
  29. package/dist/index.d.ts +2 -2
  30. package/dist/index.js +5 -5
  31. package/dist/next-js.d.cts +1 -1
  32. package/dist/next-js.d.ts +1 -1
  33. package/dist/node.d.cts +1 -1
  34. package/dist/node.d.ts +1 -1
  35. package/dist/oauth2.d.cts +2 -2
  36. package/dist/oauth2.d.ts +2 -2
  37. package/dist/plugins.cjs +5 -5
  38. package/dist/plugins.d.cts +9 -9
  39. package/dist/plugins.d.ts +9 -9
  40. package/dist/plugins.js +5 -5
  41. package/dist/react.d.cts +1 -1
  42. package/dist/react.d.ts +1 -1
  43. package/dist/solid-start.d.cts +1 -1
  44. package/dist/solid-start.d.ts +1 -1
  45. package/dist/solid.d.cts +1 -1
  46. package/dist/solid.d.ts +1 -1
  47. package/dist/{state-B-02czHC.d.ts → state-BGtdSXb8.d.ts} +1 -1
  48. package/dist/{state-D_ITqPUS.d.cts → state-DmxqE1OI.d.cts} +1 -1
  49. package/dist/svelte-kit.d.cts +1 -1
  50. package/dist/svelte-kit.d.ts +1 -1
  51. package/dist/svelte.d.cts +1 -1
  52. package/dist/svelte.d.ts +1 -1
  53. package/dist/types.d.cts +2 -2
  54. package/dist/types.d.ts +2 -2
  55. package/dist/vue.d.cts +1 -1
  56. package/dist/vue.d.ts +1 -1
  57. package/package.json +1 -1
package/dist/api.js CHANGED
@@ -1,7 +1,7 @@
1
- import{APIError as st,createRouter as ir,statusCode as nr}from"better-call";import{APIError as ht}from"better-call";import{createEndpointCreator as dt,createMiddleware as ne,createMiddlewareCreator as ct}from"better-call";var se=ne(async()=>({})),M=ct({use:[se,ne(async()=>({}))]}),p=dt({use:[se]});var z={isAction:!1};import{nanoid as ut}from"nanoid";var ae=e=>ut(e);import{generateCodeVerifier as pt,generateState as mt}from"oslo/oauth2";import{z as L}from"zod";import{APIError as pe}from"better-call";var G=Object.create(null),N=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?G:globalThis),de=new Proxy(G,{get(e,t){return N()[t]??G[t]},has(e,t){let r=N();return t in r||t in G},set(e,t,r){let o=N(!0);return o[t]=r,!0},deleteProperty(e,t){if(!t)return!1;let r=N(!0);return delete r[t],!0},ownKeys(){let e=N(!0);return Object.keys(e)}});function lt(e){return e?e!=="false":!1}var te=typeof process<"u"&&process.env&&process.env.NODE_ENV||"";var ce=te==="dev"||te==="development",ue=te==="test"||lt(de.TEST);var D=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r,this.stack=""}};function le(e){try{return new URL(e).origin}catch{return null}}async function Q(e,t){let r=e.body?.callbackURL||(e.query?.currentURL?le(e.query?.currentURL):"")||e.context.options.baseURL;if(!r)throw new pe("BAD_REQUEST",{message:"callbackURL is required"});let o=pt(),i=mt(),n=JSON.stringify({callbackURL:r,codeVerifier:o,errorURL:e.query?.currentURL,link:t,expiresAt:Date.now()+10*60*1e3}),s=new Date;s.setMinutes(s.getMinutes()+10);let a=await e.context.internalAdapter.createVerificationValue({value:n,identifier:i,expiresAt:s});if(!a)throw m.error("Unable to create verification. Make sure the database adapter is properly working and there is a verification table in the database"),new pe("INTERNAL_SERVER_ERROR",{message:"Unable to create verification"});return{state:a.identifier,codeVerifier:o}}async function me(e){let t=e.query.state,r=await e.context.internalAdapter.findVerificationValue(t);if(!r)throw m.error("State Mismatch. Verification not found",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let o=L.object({callbackURL:L.string(),codeVerifier:L.string(),errorURL:L.string().optional(),expiresAt:L.number(),link:L.object({email:L.string(),userId:L.string()}).optional()}).parse(JSON.parse(r.value));if(o.errorURL||(o.errorURL=`${e.context.baseURL}/error`),o.expiresAt<Date.now())throw await e.context.internalAdapter.deleteVerificationValue(r.id),m.error("State expired.",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);return await e.context.internalAdapter.deleteVerificationValue(r.id),o}import{createConsola as ft}from"consola";var V=ft({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),gt=e=>({log:(...t)=>{!e?.disabled&&V.log("",...t)},error:(...t)=>{!e?.disabled&&V.error("",...t)},warn:(...t)=>{!e?.disabled&&V.warn("",...t)},info:(...t)=>{!e?.disabled&&V.info("",...t)},debug:(...t)=>{!e?.disabled&&V.debug("",...t)},box:(...t)=>{!e?.disabled&&V.box("",...t)},success:(...t)=>{!e?.disabled&&V.success("",...t)},break:(...t)=>{!e?.disabled&&console.log(`
2
- `)}}),m=gt();var fe=M(async e=>{if(e.request?.method!=="POST")return;let{body:t,query:r,context:o}=e,i=e.headers?.get("origin")||e.headers?.get("referer")||"",n=t?.callbackURL||r?.callbackURL,s=t?.redirectTo,a=r?.currentURL,d=o.trustedOrigins,c=e.headers?.has("cookie"),u=(g,l)=>l.includes("*")?new RegExp("^"+l.replace(/\*/g,"[^/]+").replace(/\./g,"\\.")+"$").test(g):g.startsWith(l),f=(g,l)=>{if(!g)return;if(!d.some(w=>u(g,w)||g?.startsWith("/")&&l!=="origin"&&!g.includes(":")))throw m.error(`Invalid ${l}: ${g}`),m.info(`If it's a valid URL, please add ${g} to trustedOrigins in your auth config
3
- `,`Current list of trustedOrigins: ${d}`),new ht("FORBIDDEN",{message:`Invalid ${l}`})};c&&!e.context.options.advanced?.disableCSRFCheck&&f(i,"origin"),n&&f(n,"callbackURL"),s&&f(s,"redirectURL"),a&&f(a,"currentURL")});import{APIError as E}from"better-call";import{z as U}from"zod";import{TimeSpan as Zr}from"oslo";import{HMAC as ge,sha256 as qr}from"oslo/crypto";async function wt({value:e,secret:t}){return new ge("SHA-256").sign(new TextEncoder().encode(t),new TextEncoder().encode(e)).then(o=>Buffer.from(o).toString("base64"))}function bt({value:e,signature:t,secret:r}){return new ge("SHA-256").verify(new TextEncoder().encode(r),Buffer.from(t,"base64"),new TextEncoder().encode(e))}var Z={sign:wt,verify:bt};import{base64url as yt}from"oslo/encoding";var C=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));async function T(e,t,r,o){let i=e.context.authCookies.sessionToken.options;i.maxAge=r?void 0:e.context.sessionConfig.expiresIn,await e.setSignedCookie(e.context.authCookies.sessionToken.name,t.session.id,e.context.secret,{...i,...o}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options),e.context.options.session?.cookieCache?.enabled&&e.setCookie(e.context.authCookies.sessionData.name,JSON.stringify(yt.encode(new TextEncoder().encode(JSON.stringify({session:t,expiresAt:C(e.context.authCookies.sessionData.options.maxAge||60,"sec").getTime(),signature:await Z.sign({value:JSON.stringify(t),secret:e.context.secret})})))),e.context.authCookies.sessionData.options),e.context.options.secondaryStorage&&await e.context.secondaryStorage?.set(t.session.id,JSON.stringify({user:t.user,session:t.session}),t.session.expiresAt.getTime()-Date.now())}function B(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.sessionData.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}import{parseJWT as Ut}from"oslo/jwt";import{sha256 as At}from"oslo/crypto";import{base64url as kt}from"oslo/encoding";async function he(e){let t=await At(new TextEncoder().encode(e));return kt.encode(new Uint8Array(t),{includePadding:!1})}function we(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_in?C(e.expires_in,"sec"):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function A({id:e,options:t,authorizationEndpoint:r,state:o,codeVerifier:i,scopes:n,claims:s,redirectURI:a}){let d=new URL(r);if(d.searchParams.set("response_type","code"),d.searchParams.set("client_id",t.clientId),d.searchParams.set("state",o),d.searchParams.set("scope",n.join(" ")),d.searchParams.set("redirect_uri",t.redirectURI||a),i){let c=await he(i);d.searchParams.set("code_challenge_method","S256"),d.searchParams.set("code_challenge",c)}if(s){let c=s.reduce((u,f)=>(u[f]=null,u),{});d.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...c}}))}return d}import{betterFetch as Rt}from"@better-fetch/fetch";async function b({code:e,codeVerifier:t,redirectURI:r,options:o,tokenEndpoint:i,authentication:n}){let s=new URLSearchParams,a={"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"};if(s.set("grant_type","authorization_code"),s.set("code",e),t&&s.set("code_verifier",t),s.set("redirect_uri",r),n==="basic"){let f=btoa(`${o.clientId}:${o.clientSecret}`);a.authorization=`Basic ${f}`}else s.set("client_id",o.clientId),s.set("client_secret",o.clientSecret);let{data:d,error:c}=await Rt(i,{method:"POST",body:s,headers:a});if(c)throw c;return we(d)}import{decodeProtectedHeader as vt,importJWK as Et,jwtVerify as xt}from"jose";import{betterFetch as _t}from"@better-fetch/fetch";import{APIError as Tt}from"better-call";import"zod";var be=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:o,redirectURI:i}){let n=o||["email","name","openid"];return e.scope&&n.push(...e.scope),new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${i||e.redirectURI}&scope=${n.join(" ")}&state=${r}`)},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:i})=>b({code:r,codeVerifier:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async verifyIdToken(r,o){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(r,o);let i=vt(r),{kid:n,alg:s}=i;if(!n||!s)return!1;let a=await Pt(n),{payload:d}=await xt(r,a,{algorithms:[s],issuer:"https://appleid.apple.com",audience:e.clientId,maxTokenAge:"1h"});return["email_verified","is_private_email"].forEach(c=>{d[c]!==void 0&&(d[c]=!!d[c])}),o&&d.nonce!==o?!1:!!d},async getUserInfo(r){if(!r.idToken)return null;let o=Ut(r.idToken)?.payload;return o?{user:{id:o.sub,name:o.name,email:o.email,emailVerified:o.email_verified==="true",image:o.picture},data:o}:null}}},Pt=async e=>{let t="https://appleid.apple.com",r="/auth/keys",{data:o}=await _t(`${t}${r}`);if(!o?.keys)throw new Tt("BAD_REQUEST",{message:"Keys not found"});let i=o.keys.find(n=>n.kid===e);if(!i)throw new Error(`JWK with kid ${e} not found`);return await Et(i,i.alg)};import{betterFetch as Ot}from"@better-fetch/fetch";var ye=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["identify","email"];return e.scope&&i.push(...e.scope),new URL(`https://discord.com/api/oauth2/authorize?scope=${i.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>b({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await Ot("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(o)return null;if(r.avatar===null){let i=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${i}.png`}else{let i=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${i}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});import{betterFetch as St}from"@better-fetch/fetch";var Ae=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["email","public_profile"];return e.scope&&i.push(...e.scope),await A({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:i,state:t,redirectURI:o})},validateAuthorizationCode:async({code:t,redirectURI:r})=>b({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){let{data:r,error:o}=await St("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return o?null:{user:{id:r.id,name:r.name,email:r.email,image:r.picture.data.url,emailVerified:r.email_verified},data:r}}});import{betterFetch as ke}from"@better-fetch/fetch";var Re=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"GitHub",createAuthorizationURL({state:r,scopes:o,codeVerifier:i,redirectURI:n}){let s=o||["user:email"];return e.scope&&s.push(...e.scope),A({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:s,state:r,redirectURI:n})},validateAuthorizationCode:async({code:r,redirectURI:o})=>b({code:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:i}=await ke("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(i)return null;let n=!1;if(!o.email){let{data:s,error:a}=await ke("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});a||(o.email=(s.find(d=>d.primary)??s[0])?.email,n=s.find(d=>d.email===o.email)?.verified??!1)}return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:n},data:o}}}};import{parseJWT as It}from"oslo/jwt";import{betterFetch as Lt}from"@better-fetch/fetch";var Ue=e=>({id:"google",name:"Google",async createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:i}){if(!e.clientId||!e.clientSecret)throw m.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new D("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new D("codeVerifier is required for Google");let n=r||["email","profile","openid"];e.scope&&n.push(...e.scope);let s=await A({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:n,state:t,codeVerifier:o,redirectURI:i});return e.accessType&&s.searchParams.set("access_type",e.accessType),e.prompt&&s.searchParams.set("prompt",e.prompt),s},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>b({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async verifyIdToken(t,r){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(t,r);let o=`https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=${t}`,{data:i}=await Lt(o);return i?i.aud===e.clientId&&i.iss==="https://accounts.google.com":!1},async getUserInfo(t){if(!t.idToken)return null;let r=It(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});import{betterFetch as Ct}from"@better-fetch/fetch";import{parseJWT as Bt}from"oslo/jwt";var ve=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(i){let n=i.scopes||["openid","profile","email","User.Read"];return e.scope&&n.push(...e.scope),A({id:"microsoft",options:e,authorizationEndpoint:r,state:i.state,codeVerifier:i.codeVerifier,scopes:n,redirectURI:i.redirectURI})},validateAuthorizationCode({code:i,codeVerifier:n,redirectURI:s}){return b({code:i,codeVerifier:n,redirectURI:e.redirectURI||s,options:e,tokenEndpoint:o})},async getUserInfo(i){if(!i.idToken)return null;let n=Bt(i.idToken)?.payload,s=e.profilePhotoSize||48;return await Ct(`https://graph.microsoft.com/v1.0/me/photos/${s}x${s}/$value`,{headers:{Authorization:`Bearer ${i.accessToken}`},async onResponse(a){if(!(e.disableProfilePhoto||!a.response.ok))try{let c=await a.response.clone().arrayBuffer(),u=Buffer.from(c).toString("base64");n.picture=`data:image/jpeg;base64, ${u}`}catch(d){m.error(d)}}}),{user:{id:n.sub,name:n.name,email:n.email,image:n.picture,emailVerified:!0},data:n}}}};import{betterFetch as Dt}from"@better-fetch/fetch";var Ee=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:i}){let n=r||["user-read-email"];return e.scope&&n.push(...e.scope),A({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:n,state:t,codeVerifier:o,redirectURI:i})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>b({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){let{data:r,error:o}=await Dt("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});import"@better-fetch/fetch";import{parseJWT as Vt}from"oslo/jwt";var xe=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["user:read:email","openid"];return e.scope&&i.push(...e.scope),A({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:i,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>b({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let r=t.idToken;if(!r)return m.error("No idToken found in token"),null;let o=Vt(r)?.payload;return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1},data:o}}});import{betterFetch as zt}from"@better-fetch/fetch";var _e=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=t.scopes||["users.read","tweet.read","offline.access"];return e.scope&&r.push(...e.scope),A({id:"twitter",options:e,authorizationEndpoint:"https://x.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>b({code:t,codeVerifier:r,authentication:"basic",redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://api.x.com/2/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await zt("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email||null,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});import{betterFetch as jt}from"@better-fetch/fetch";var Te=e=>{let t="https://api.dropboxapi.com/oauth2/token";return{id:"dropbox",name:"Dropbox",createAuthorizationURL:async({state:r,scopes:o,codeVerifier:i,redirectURI:n})=>{let s=o||["account_info.read"];return e.scope&&s.push(...e.scope),await A({id:"dropbox",options:e,authorizationEndpoint:"https://www.dropbox.com/oauth2/authorize",scopes:s,state:r,redirectURI:n,codeVerifier:i})},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:i})=>await b({code:r,codeVerifier:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:i}=await jt("https://api.dropboxapi.com/2/users/get_current_account",{method:"POST",headers:{Authorization:`Bearer ${r.accessToken}`}});return i?null:{user:{id:o.account_id,name:o.name?.display_name,email:o.email,emailVerified:o.email_verified||!1,image:o.profile_photo_url},data:o}}}};import{betterFetch as $t}from"@better-fetch/fetch";var Pe=e=>{let t="https://www.linkedin.com/oauth/v2/authorization",r="https://www.linkedin.com/oauth/v2/accessToken";return{id:"linkedin",name:"Linkedin",createAuthorizationURL:async({state:o,scopes:i,redirectURI:n})=>{let s=i||["profile","email","openid"];return e.scope&&s.push(...e.scope),await A({id:"linkedin",options:e,authorizationEndpoint:t,scopes:s,state:o,redirectURI:n})},validateAuthorizationCode:async({code:o,redirectURI:i})=>await b({code:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:r}),async getUserInfo(o){let{data:i,error:n}=await $t("https://api.linkedin.com/v2/userinfo",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken}`}});return n?null:{user:{id:i.sub,name:i.name,email:i.email,emailVerified:i.email_verified||!1,image:i.picture},data:i}}}};import{betterFetch as qt}from"@better-fetch/fetch";var re=(e="")=>e.split("://").map(t=>t.replace(/\/{2,}/g,"/")).join("://"),Nt=e=>{let t=e||"https://gitlab.com";return{authorizationEndpoint:re(`${t}/oauth/authorize`),tokenEndpoint:re(`${t}/oauth/token`),userinfoEndpoint:re(`${t}/api/v4/user`)}},Oe=e=>{let{authorizationEndpoint:t,tokenEndpoint:r,userinfoEndpoint:o}=Nt(e.issuer),i="gitlab";return{id:i,name:"Gitlab",createAuthorizationURL:async({state:s,scopes:a,codeVerifier:d,redirectURI:c})=>{let u=a||["read_user"];return e.scope&&u.push(...e.scope),await A({id:i,options:e,authorizationEndpoint:t,scopes:u,state:s,redirectURI:c,codeVerifier:d})},validateAuthorizationCode:async({code:s,redirectURI:a,codeVerifier:d})=>b({code:s,redirectURI:e.redirectURI||a,options:e,codeVerifier:d,tokenEndpoint:r}),async getUserInfo(s){let{data:a,error:d}=await qt(o,{headers:{authorization:`Bearer ${s.accessToken}`}});return d||a.state!=="active"||a.locked?null:{user:{id:a.id.toString(),name:a.name??a.username,email:a.email,image:a.avatar_url,emailVerified:!0},data:a}}}};var Ft={apple:be,discord:ye,facebook:Ae,github:Re,microsoft:ve,google:Ue,spotify:Ee,twitch:xe,twitter:_e,dropbox:Te,linkedin:Pe,gitlab:Oe},J=Object.keys(Ft);import{TimeSpan as Ht}from"oslo";import{createJWT as Mt,validateJWT as Gt}from"oslo/jwt";import{z as P}from"zod";import{APIError as $}from"better-call";import{APIError as j}from"better-call";import{z as F}from"zod";function Se(e){try{return JSON.parse(e)}catch{return null}}var oe=()=>p("/get-session",{method:"GET",query:F.optional(F.object({disableCookieCache:F.boolean().optional()})),requireHeaders:!0},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null,{status:401});let r=e.getCookie(e.context.authCookies.sessionData.name),o=r?Se(Buffer.from(r,"base64").toString()):null;if(o&&!await Z.verify({value:JSON.stringify(o.session),signature:o?.signature,secret:e.context.secret}))return B(e),e.json(null,{status:401});let i=await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret);if(o?.session&&e.context.options.session?.cookieCache?.enabled&&!e.query?.disableCookieCache){let u=o.session;if(o.expiresAt<Date.now()||u.session.expiresAt<new Date){let g=e.context.authCookies.sessionData.name;e.setCookie(g,"",{maxAge:0})}else return e.json(u)}let n=await e.context.internalAdapter.findSession(t);if(!n||n.session.expiresAt<new Date)return B(e),n&&await e.context.internalAdapter.deleteSession(n.session.id),e.json(null,{status:401});if(i)return e.json(n);let s=e.context.sessionConfig.expiresIn,a=e.context.sessionConfig.updateAge;if(n.session.expiresAt.valueOf()-s*1e3+a*1e3<=Date.now()){let u=await e.context.internalAdapter.updateSession(n.session.id,{expiresAt:C(e.context.sessionConfig.expiresIn,"sec")});if(!u)return B(e),e.json(null,{status:401});let f=(u.expiresAt.valueOf()-Date.now())/1e3;return await T(e,{session:u,user:n.user},!1,{maxAge:f}),e.json({session:u,user:n.user})}return e.json(n)}catch(t){return e.context.logger.error(t),e.json(null,{status:500})}}),ie=async e=>await oe()({...e,_flag:"json",headers:e.headers}),_=M(async e=>{let t=await ie(e);if(!t?.session)throw new j("UNAUTHORIZED");return{session:t}}),Ie=()=>p("/list-sessions",{method:"GET",use:[_],requireHeaders:!0},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(o=>o.expiresAt>new Date);return e.json(r)}),Le=p("/revoke-session",{method:"POST",body:F.object({id:F.string()}),use:[_],requireHeaders:!0},async e=>{let t=e.body.id,r=await e.context.internalAdapter.findSession(t);if(!r)throw new j("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new j("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(o){throw e.context.logger.error(o),new j("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),Ce=p("/revoke-sessions",{method:"POST",use:[_],requireHeaders:!0},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t),new j("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),Be=p("/revoke-other-sessions",{method:"POST",requireHeaders:!0,use:[_]},async e=>{let t=e.context.session;if(!t.user)throw new j("UNAUTHORIZED");let i=(await e.context.internalAdapter.listSessions(t.user.id)).filter(n=>n.expiresAt>new Date).filter(n=>n.id!==e.context.session.session.id);return await Promise.all(i.map(n=>e.context.internalAdapter.deleteSession(n.id))),e.json({status:!0})});async function S(e,t,r){return await Mt("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new Ht(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}var De=p("/send-verification-email",{method:"POST",query:P.object({currentURL:P.string().optional()}).optional(),body:P.object({email:P.string().email(),callbackURL:P.string().optional()})},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new $("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new $("BAD_REQUEST",{message:"User not found"});let o=await S(e.context.secret,t),i=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail({user:r.user,url:i,token:o},e.request),e.json({status:!0})}),Ve=p("/verify-email",{method:"GET",query:P.object({token:P.string(),callbackURL:P.string().optional()})},async e=>{let{token:t}=e.query,r;try{r=await Gt("HS256",Buffer.from(e.context.secret),t)}catch(s){throw e.context.logger.error("Failed to verify email",s),new $("BAD_REQUEST",{message:"Invalid token"})}let i=P.object({email:P.string().email(),updateTo:P.string().optional()}).parse(r.payload);if(!await e.context.internalAdapter.findUserByEmail(i.email))throw new $("BAD_REQUEST",{message:"User not found"});if(i.updateTo){let s=await ie(e);if(!s)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new $("UNAUTHORIZED",{message:"Session not found"});if(s.user.email!==i.email)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new $("UNAUTHORIZED",{message:"Invalid session"});let a=await e.context.internalAdapter.updateUserByEmail(i.email,{email:i.updateTo});if(await e.context.options.emailVerification?.sendVerificationEmail?.({user:a,url:`${e.context.baseURL}/verify-email?token=${t}`,token:t},e.request),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:a,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(i.email,{emailVerified:!0}),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});async function W(e,{userInfo:t,account:r,callbackURL:o}){let i=await e.context.internalAdapter.findUserByEmail(t.email.toLowerCase(),{includeAccounts:!0}).catch(a=>{throw m.error(`Better auth was unable to query your database.
4
- Error: `,a),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),n=i?.user;if(i){let a=i.accounts.find(d=>d.providerId===r.providerId);if(a)await e.context.internalAdapter.updateAccount(a.id,{accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,expiresAt:r.expiresAt});else{if(!e.context.options.account?.accountLinking?.trustedProviders?.includes(r.providerId)&&!t.emailVerified||e.context.options.account?.accountLinking?.enabled===!1)return ce&&m.warn(`User already exist but account isn't linked to ${r.providerId}. To read more about how account linking works in Better Auth see https://www.better-auth.com/docs/concepts/users-accounts#account-linking.`),{error:"account not linked",data:null};try{await e.context.internalAdapter.linkAccount({providerId:r.providerId,accountId:t.id.toString(),id:e.context.uuid(),userId:i.user.id,accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,expiresAt:r.expiresAt})}catch(u){return m.error("Unable to link account",u),{error:"unable to link account",data:null}}}}else try{let a=t.emailVerified||!1;if(n=await e.context.internalAdapter.createOAuthUser({...t,id:e.context.uuid(),emailVerified:a,email:t.email.toLowerCase()},{accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,expiresAt:r.expiresAt,providerId:r.providerId,accountId:t.id.toString()}).then(d=>d?.user),!a&&n&&e.context.options.emailVerification?.sendOnSignUp){let d=await S(e.context.secret,n.email),c=`${e.context.baseURL}/verify-email?token=${d}&callbackURL=${o}`;await e.context.options.emailVerification?.sendVerificationEmail?.({user:n,url:c,token:d},e.request)}}catch(a){return m.error("Unable to create user",a),{error:"unable to create user",data:null}}if(!n)return{error:"unable to create user",data:null};let s=await e.context.internalAdapter.createSession(n.id,e.request);return s?{data:{session:s,user:n},error:null}:{error:"unable to create session",data:null}}var ze=p("/sign-in/social",{method:"POST",query:U.object({currentURL:U.string().optional()}).optional(),body:U.object({callbackURL:U.string().optional(),provider:U.enum(J),idToken:U.optional(U.object({token:U.string(),nonce:U.string().optional(),accessToken:U.string().optional(),refreshToken:U.string().optional(),expiresAt:U.number().optional()}))})},async e=>{let t=e.context.socialProviders.find(n=>n.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new E("NOT_FOUND",{message:"Provider not found"});if(e.body.idToken){if(!t.verifyIdToken)throw e.context.logger.error("Provider does not support id token verification",{provider:e.body.provider}),new E("NOT_FOUND",{message:"Provider does not support id token verification"});let{token:n,nonce:s}=e.body.idToken;if(!await t.verifyIdToken(n,s))throw e.context.logger.error("Invalid id token",{provider:e.body.provider}),new E("UNAUTHORIZED",{message:"Invalid id token"});let d=await t.getUserInfo({idToken:n,accessToken:e.body.idToken.accessToken,refreshToken:e.body.idToken.refreshToken});if(!d||!d?.user)throw e.context.logger.error("Failed to get user info",{provider:e.body.provider}),new E("UNAUTHORIZED",{message:"Failed to get user info"});if(!d.user.email)throw e.context.logger.error("User email not found",{provider:e.body.provider}),new E("UNAUTHORIZED",{message:"User email not found"});let c=await W(e,{userInfo:{email:d.user.email,id:d.user.id,name:d.user.name||"",image:d.user.image,emailVerified:d.user.emailVerified||!1},account:{providerId:t.id,accountId:d.user.id,accessToken:e.body.idToken.accessToken}});if(c.error)throw new E("UNAUTHORIZED",{message:c.error});return await T(e,c.data),e.json({session:c.data.session,user:c.data.user,url:`${e.body.callbackURL||e.query?.currentURL||e.context.options.baseURL}`,redirect:!0})}let{codeVerifier:r,state:o}=await Q(e),i=await t.createAuthorizationURL({state:o,codeVerifier:r,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:i.toString(),redirect:!0})}),je=p("/sign-in/email",{method:"POST",body:U.object({email:U.string(),password:U.string(),callbackURL:U.string().optional(),rememberMe:U.boolean().default(!1).optional()})},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new E("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!U.string().email().safeParse(t).success)throw new E("BAD_REQUEST",{message:"Invalid email"});let i=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!i)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new E("UNAUTHORIZED",{message:"Invalid email or password"});let n=i.accounts.find(c=>c.providerId==="credential");if(!n)throw e.context.logger.error("Credential account not found",{email:t}),new E("UNAUTHORIZED",{message:"Invalid email or password"});let s=n?.password;if(!s)throw e.context.logger.error("Password not found",{email:t}),new E("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(s,r))throw e.context.logger.error("Invalid password"),new E("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!i.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw m.error("Email verification is required but no email verification handler is provided"),new E("INTERNAL_SERVER_ERROR",{message:"Email is not verified."});let c=await S(e.context.secret,i.user.email),u=`${e.context.baseURL}/verify-email?token=${c}`;throw await e.context.options.emailVerification.sendVerificationEmail({user:i.user,url:u,token:c},e.request),e.context.logger.error("Email not verified",{email:t}),new E("FORBIDDEN",{message:"Email is not verified. Check your email for a verification link"})}let d=await e.context.internalAdapter.createSession(i.user.id,e.headers,e.body.rememberMe===!1);if(!d)throw e.context.logger.error("Failed to create session"),new E("UNAUTHORIZED",{message:"Failed to create session"});return await T(e,{session:d,user:i.user},e.body.rememberMe===!1),e.json({user:i.user,session:d,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});import{z as Y}from"zod";import{z as h}from"zod";var hn=h.object({id:h.string(),providerId:h.string(),accountId:h.string(),userId:h.string(),accessToken:h.string().nullish(),refreshToken:h.string().nullish(),idToken:h.string().nullish(),expiresAt:h.date().nullish(),password:h.string().nullish()}),wn=h.object({id:h.string(),email:h.string().transform(e=>e.toLowerCase()),emailVerified:h.boolean().default(!1),name:h.string(),image:h.string().nullish(),createdAt:h.date().default(new Date),updatedAt:h.date().default(new Date)}),bn=h.object({id:h.string(),userId:h.string(),expiresAt:h.date(),ipAddress:h.string().nullish(),userAgent:h.string().nullish()}),yn=h.object({id:h.string(),value:h.string(),expiresAt:h.date(),identifier:h.string()});function Qt(e,t){let r={...t==="user"?e.user?.additionalFields:{},...t==="session"?e.session?.additionalFields:{}};for(let o of e.plugins||[])o.schema&&o.schema[t]&&(r={...r,...o.schema[t].fields});return r}function Zt(e,t){let r=t.action||"create",o=t.fields,i={};for(let n in o){if(n in e){if(o[n].input===!1){if(o[n].defaultValue){i[n]=o[n].defaultValue;continue}continue}i[n]=e[n];continue}if(o[n].defaultValue&&r==="create"){i[n]=o[n].defaultValue;continue}}return i}function K(e,t,r){let o=Qt(e,"user");return Zt(t||{},{fields:o,action:r})}var $e=p("/callback/:id",{method:["GET","POST"],query:Y.object({state:Y.string(),code:Y.string().optional(),error:Y.string().optional()}),metadata:z},async e=>{if(!e.query.code)throw e.redirect(`${e.context.baseURL}/error?error=${e.query.error||"no_code"}`);let t=e.context.socialProviders.find(w=>w.id===e.params.id);if(!t)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let{codeVerifier:r,callbackURL:o,link:i,errorURL:n}=await me(e),s;try{s=await t.validateAuthorizationCode({code:e.query.code,codeVerifier:r,redirectURI:`${e.context.baseURL}/callback/${t.id}`})}catch(w){throw e.context.logger.error(w),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let a=await t.getUserInfo(s).then(w=>w?.user),c={id:ae(),...a};function u(w){let y=n||o||`${e.context.baseURL}/error`;throw y.includes("?")?y=`${y}&error=${w}`:y=`${y}?error=${w}`,e.redirect(y)}if(!a)return m.error("Unable to get user info"),u("unable_to_get_user_info");if(!c.email)return e.context.logger.error("Provider did not return email. This could be due to misconfiguration in the provider settings."),u("email_not_found");if(!o)throw m.error("No callback URL found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(i){if(i.email!==c.email.toLowerCase())return u("email_doesn't_match");if(!await e.context.internalAdapter.createAccount({userId:i.userId,providerId:t.id,accountId:a.id}))return u("unable_to_link_account");let y;try{y=new URL(o).toString()}catch{y=o}throw e.redirect(y)}let f=await W(e,{userInfo:{email:c.email,id:c.id,name:c.name||"",image:c.image,emailVerified:c.emailVerified||!1},account:{providerId:t.id,accountId:a.id,accessToken:s.accessToken,refreshToken:s.refreshToken,expiresAt:s.accessTokenExpiresAt},callbackURL:o});if(f.error)return u(f.error.split(" ").join("_"));let{session:g,user:l}=f.data;await T(e,{session:g,user:l});let k;try{k=new URL(o).toString()}catch{k=o}throw e.redirect(k)});import"zod";import{APIError as Jt}from"better-call";var qe=p("/sign-out",{method:"POST",requireHeaders:!0},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw new Jt("BAD_REQUEST",{message:"Session not found"});return await e.context.internalAdapter.deleteSession(t),B(e),e.json({success:!0})});import{z as O}from"zod";import{APIError as X}from"better-call";function Ne(e,t,r){let o=t?new URL(t,e.baseURL):new URL(`${e.baseURL}/error`);return r&&Object.entries(r).forEach(([i,n])=>o.searchParams.set(i,n)),o.href}function Wt(e,t,r){let o=new URL(t,e.baseURL);return r&&Object.entries(r).forEach(([i,n])=>o.searchParams.set(i,n)),o.href}var Fe=p("/forget-password",{method:"POST",body:O.object({email:O.string().email(),redirectTo:O.string()})},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new X("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,o=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!o)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let i=60*60*1,n=new Date(Date.now()+1e3*(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||i)),s=e.context.uuid();await e.context.internalAdapter.createVerificationValue({value:o.user.id,identifier:`reset-password:${s}`,expiresAt:n});let a=`${e.context.baseURL}/reset-password/${s}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword({user:o.user,url:a},e.request),e.json({status:!0})}),He=p("/reset-password/:token",{method:"GET",query:O.object({callbackURL:O.string()})},async e=>{let{token:t}=e.params,{callbackURL:r}=e.query;if(!t||!r)throw e.redirect(Ne(e.context,r,{error:"INVALID_TOKEN"}));let o=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!o||o.expiresAt<new Date?e.redirect(Ne(e.context,r,{error:"INVALID_TOKEN"})):e.redirect(Wt(e.context,r,{token:t}))}),Me=p("/reset-password",{query:O.optional(O.object({token:O.string().optional(),currentURL:O.string().optional()})),method:"POST",body:O.object({newPassword:O.string()})},async e=>{let t=e.query?.token||(e.query?.currentURL?new URL(e.query.currentURL).searchParams.get("token"):"");if(!t)throw new X("BAD_REQUEST",{message:"Token not found"});let{newPassword:r}=e.body,o=`reset-password:${t}`,i=await e.context.internalAdapter.findVerificationValue(o);if(!i||i.expiresAt<new Date)throw new X("BAD_REQUEST",{message:"Invalid token"});await e.context.internalAdapter.deleteVerificationValue(i.id);let n=i.value,s=await e.context.password.hash(r);if(!(await e.context.internalAdapter.findAccounts(n)).find(u=>u.providerId==="credential"))return await e.context.internalAdapter.createAccount({userId:n,providerId:"credential",password:s,accountId:e.context.uuid()}),e.json({status:!0});if(!await e.context.internalAdapter.updatePassword(n,s))throw new X("BAD_REQUEST",{message:"Failed to update password"});return e.json({status:!0})});import{z as v}from"zod";import{APIError as x}from"better-call";var Ge=()=>p("/update-user",{method:"POST",body:v.record(v.string(),v.any()),use:[_]},async e=>{let t=e.body;if(t.email)throw new x("BAD_REQUEST",{message:"You can't update email"});let{name:r,image:o,...i}=t,n=e.context.session;if(!o&&!r&&Object.keys(i).length===0)return e.json({user:n.user});let s=K(e.context.options,i,"update"),a=await e.context.internalAdapter.updateUserByEmail(n.user.email,{name:r,image:o,...s});return await T(e,{session:n.session,user:a}),e.json({user:a})}),Qe=p("/change-password",{method:"POST",body:v.object({newPassword:v.string(),currentPassword:v.string(),revokeOtherSessions:v.boolean().optional()}),use:[_]},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:o}=e.body,i=e.context.session,n=e.context.password.config.minPasswordLength;if(t.length<n)throw e.context.logger.error("Password is too short"),new x("BAD_REQUEST",{message:"Password is too short"});let s=e.context.password.config.maxPasswordLength;if(t.length>s)throw e.context.logger.error("Password is too long"),new x("BAD_REQUEST",{message:"Password too long"});let d=(await e.context.internalAdapter.findAccounts(i.user.id)).find(f=>f.providerId==="credential"&&f.password);if(!d||!d.password)throw new x("BAD_REQUEST",{message:"User does not have a password"});let c=await e.context.password.hash(t);if(!await e.context.password.verify(d.password,r))throw new x("BAD_REQUEST",{message:"Incorrect password"});if(await e.context.internalAdapter.updateAccount(d.id,{password:c}),o){await e.context.internalAdapter.deleteSessions(i.user.id);let f=await e.context.internalAdapter.createSession(i.user.id,e.headers);if(!f)throw new x("INTERNAL_SERVER_ERROR",{message:"Unable to create session"});await T(e,{session:f,user:i.user})}return e.json(i.user)}),Ze=p("/set-password",{method:"POST",body:v.object({newPassword:v.string()}),metadata:{SERVER_ONLY:!0},use:[_]},async e=>{let{newPassword:t}=e.body,r=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)throw e.context.logger.error("Password is too short"),new x("BAD_REQUEST",{message:"Password is too short"});let i=e.context.password.config.maxPasswordLength;if(t.length>i)throw e.context.logger.error("Password is too long"),new x("BAD_REQUEST",{message:"Password too long"});let s=(await e.context.internalAdapter.findAccounts(r.user.id)).find(d=>d.providerId==="credential"&&d.password),a=await e.context.password.hash(t);if(!s)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:a}),e.json(r.user);throw new x("BAD_REQUEST",{message:"user already has a password"})}),Je=p("/delete-user",{method:"POST",body:v.object({password:v.string()}),use:[_]},async e=>{let{password:t}=e.body,r=e.context.session,i=(await e.context.internalAdapter.findAccounts(r.user.id)).find(s=>s.providerId==="credential"&&s.password);if(!i||!i.password)throw new x("BAD_REQUEST",{message:"User does not have a password"});if(!await e.context.password.verify(i.password,t))throw new x("BAD_REQUEST",{message:"Incorrect password"});return await e.context.internalAdapter.deleteUser(r.user.id),await e.context.internalAdapter.deleteSessions(r.user.id),B(e),e.json(null)}),We=p("/change-email",{method:"POST",query:v.object({currentURL:v.string().optional()}).optional(),body:v.object({newEmail:v.string().email(),callbackURL:v.string().optional()}),use:[_]},async e=>{if(!e.context.options.user?.changeEmail?.enabled)throw e.context.logger.error("Change email is disabled."),new x("BAD_REQUEST",{message:"Change email is disabled"});if(e.body.newEmail===e.context.session.user.email)throw e.context.logger.error("Email is the same"),new x("BAD_REQUEST",{message:"Email is the same"});if(await e.context.internalAdapter.findUserByEmail(e.body.newEmail))throw e.context.logger.error("Email already exists"),new x("BAD_REQUEST",{message:"Couldn't update your email"});if(e.context.session.user.emailVerified!==!0){let i=await e.context.internalAdapter.updateUserByEmail(e.context.session.user.email,{email:e.body.newEmail});return e.json({user:i,status:!0})}if(!e.context.options.user.changeEmail.sendChangeEmailVerification)throw e.context.logger.error("Verification email isn't enabled."),new x("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await S(e.context.secret,e.context.session.user.email,e.body.newEmail),o=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.user.changeEmail.sendChangeEmailVerification({user:e.context.session.user,newEmail:e.body.newEmail,url:o,token:r},e.request),e.json({user:null,status:!0})});var Kt=(e="Unknown")=>`<!DOCTYPE html>
1
+ import{APIError as ne,createRouter as ir,statusCode as nr}from"better-call";import{APIError as ht}from"better-call";import{createEndpointCreator as dt,createMiddleware as se,createMiddlewareCreator as ct}from"better-call";var ae=se(async()=>({})),M=ct({use:[ae,se(async()=>({}))]}),p=dt({use:[ae]});var $={isAction:!1};import{nanoid as ut}from"nanoid";var de=e=>ut(e);import{generateCodeVerifier as pt,generateState as mt}from"oslo/oauth2";import{z as L}from"zod";import{APIError as me}from"better-call";var G=Object.create(null),N=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?G:globalThis),ce=new Proxy(G,{get(e,t){return N()[t]??G[t]},has(e,t){let r=N();return t in r||t in G},set(e,t,r){let o=N(!0);return o[t]=r,!0},deleteProperty(e,t){if(!t)return!1;let r=N(!0);return delete r[t],!0},ownKeys(){let e=N(!0);return Object.keys(e)}});function lt(e){return e?e!=="false":!1}var re=typeof process<"u"&&process.env&&process.env.NODE_ENV||"";var ue=re==="dev"||re==="development",le=re==="test"||lt(ce.TEST);var B=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r,this.stack=""}};function pe(e){try{return new URL(e).origin}catch{return null}}async function Q(e,t){let r=e.body?.callbackURL||(e.query?.currentURL?pe(e.query?.currentURL):"")||e.context.options.baseURL;if(!r)throw new me("BAD_REQUEST",{message:"callbackURL is required"});let o=pt(),i=mt(),n=JSON.stringify({callbackURL:r,codeVerifier:o,errorURL:e.query?.currentURL,link:t,expiresAt:Date.now()+10*60*1e3}),s=new Date;s.setMinutes(s.getMinutes()+10);let a=await e.context.internalAdapter.createVerificationValue({value:n,identifier:i,expiresAt:s});if(!a)throw m.error("Unable to create verification. Make sure the database adapter is properly working and there is a verification table in the database"),new me("INTERNAL_SERVER_ERROR",{message:"Unable to create verification"});return{state:a.identifier,codeVerifier:o}}async function fe(e){let t=e.query.state,r=await e.context.internalAdapter.findVerificationValue(t);if(!r)throw m.error("State Mismatch. Verification not found",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let o=L.object({callbackURL:L.string(),codeVerifier:L.string(),errorURL:L.string().optional(),expiresAt:L.number(),link:L.object({email:L.string(),userId:L.string()}).optional()}).parse(JSON.parse(r.value));if(o.errorURL||(o.errorURL=`${e.context.baseURL}/error`),o.expiresAt<Date.now())throw await e.context.internalAdapter.deleteVerificationValue(r.id),m.error("State expired.",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);return await e.context.internalAdapter.deleteVerificationValue(r.id),o}import{createConsola as ft}from"consola";var V=ft({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),gt=e=>({log:(...t)=>{!e?.disabled&&V.log("",...t)},error:(...t)=>{!e?.disabled&&V.error("",...t)},warn:(...t)=>{!e?.disabled&&V.warn("",...t)},info:(...t)=>{!e?.disabled&&V.info("",...t)},debug:(...t)=>{!e?.disabled&&V.debug("",...t)},box:(...t)=>{!e?.disabled&&V.box("",...t)},success:(...t)=>{!e?.disabled&&V.success("",...t)},break:(...t)=>{!e?.disabled&&console.log(`
2
+ `)}}),m=gt();var ge=M(async e=>{if(e.request?.method!=="POST")return;let{body:t,query:r,context:o}=e,i=e.headers?.get("origin")||e.headers?.get("referer")||"",n=t?.callbackURL||r?.callbackURL,s=t?.redirectTo,a=r?.currentURL,d=o.trustedOrigins,c=e.headers?.has("cookie"),u=(g,l)=>l.includes("*")?new RegExp("^"+l.replace(/\*/g,"[^/]+").replace(/\./g,"\\.")+"$").test(g):g.startsWith(l),f=(g,l)=>{if(!g)return;if(!d.some(w=>u(g,w)||g?.startsWith("/")&&l!=="origin"&&!g.includes(":")))throw m.error(`Invalid ${l}: ${g}`),m.info(`If it's a valid URL, please add ${g} to trustedOrigins in your auth config
3
+ `,`Current list of trustedOrigins: ${d}`),new ht("FORBIDDEN",{message:`Invalid ${l}`})};c&&!e.context.options.advanced?.disableCSRFCheck&&f(i,"origin"),n&&f(n,"callbackURL"),s&&f(s,"redirectURL"),a&&f(a,"currentURL")});import{APIError as E}from"better-call";import{z as U}from"zod";import{TimeSpan as Zr}from"oslo";import{HMAC as he,sha256 as qr}from"oslo/crypto";async function wt({value:e,secret:t}){return new he("SHA-256").sign(new TextEncoder().encode(t),new TextEncoder().encode(e)).then(o=>Buffer.from(o).toString("base64"))}function bt({value:e,signature:t,secret:r}){return new he("SHA-256").verify(new TextEncoder().encode(r),Buffer.from(t,"base64"),new TextEncoder().encode(e))}var Z={sign:wt,verify:bt};import{base64url as yt}from"oslo/encoding";var C=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));async function T(e,t,r,o){let i=e.context.authCookies.sessionToken.options;i.maxAge=r?void 0:e.context.sessionConfig.expiresIn,await e.setSignedCookie(e.context.authCookies.sessionToken.name,t.session.id,e.context.secret,{...i,...o}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options),e.context.options.session?.cookieCache?.enabled&&e.setCookie(e.context.authCookies.sessionData.name,JSON.stringify(yt.encode(new TextEncoder().encode(JSON.stringify({session:t,expiresAt:C(e.context.authCookies.sessionData.options.maxAge||60,"sec").getTime(),signature:await Z.sign({value:JSON.stringify(t),secret:e.context.secret})})))),e.context.authCookies.sessionData.options),e.context.options.secondaryStorage&&await e.context.secondaryStorage?.set(t.session.id,JSON.stringify({user:t.user,session:t.session}),t.session.expiresAt.getTime()-Date.now())}function D(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.sessionData.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}import{parseJWT as Ut}from"oslo/jwt";import{sha256 as At}from"oslo/crypto";import{base64url as kt}from"oslo/encoding";async function we(e){let t=await At(new TextEncoder().encode(e));return kt.encode(new Uint8Array(t),{includePadding:!1})}function be(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_in?C(e.expires_in,"sec"):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function A({id:e,options:t,authorizationEndpoint:r,state:o,codeVerifier:i,scopes:n,claims:s,redirectURI:a}){let d=new URL(r);if(d.searchParams.set("response_type","code"),d.searchParams.set("client_id",t.clientId),d.searchParams.set("state",o),d.searchParams.set("scope",n.join(" ")),d.searchParams.set("redirect_uri",t.redirectURI||a),i){let c=await we(i);d.searchParams.set("code_challenge_method","S256"),d.searchParams.set("code_challenge",c)}if(s){let c=s.reduce((u,f)=>(u[f]=null,u),{});d.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...c}}))}return d}import{betterFetch as Rt}from"@better-fetch/fetch";async function b({code:e,codeVerifier:t,redirectURI:r,options:o,tokenEndpoint:i,authentication:n}){let s=new URLSearchParams,a={"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"};if(s.set("grant_type","authorization_code"),s.set("code",e),t&&s.set("code_verifier",t),s.set("redirect_uri",r),n==="basic"){let f=btoa(`${o.clientId}:${o.clientSecret}`);a.authorization=`Basic ${f}`}else s.set("client_id",o.clientId),s.set("client_secret",o.clientSecret);let{data:d,error:c}=await Rt(i,{method:"POST",body:s,headers:a});if(c)throw c;return be(d)}import{decodeProtectedHeader as vt,importJWK as Et,jwtVerify as _t}from"jose";import{betterFetch as Tt}from"@better-fetch/fetch";import{APIError as xt}from"better-call";import"zod";var ye=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:o,redirectURI:i}){let n=o||["email","name","openid"];return e.scope&&n.push(...e.scope),new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${i||e.redirectURI}&scope=${n.join(" ")}&state=${r}`)},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:i})=>b({code:r,codeVerifier:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async verifyIdToken(r,o){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(r,o);let i=vt(r),{kid:n,alg:s}=i;if(!n||!s)return!1;let a=await Pt(n),{payload:d}=await _t(r,a,{algorithms:[s],issuer:"https://appleid.apple.com",audience:e.clientId,maxTokenAge:"1h"});return["email_verified","is_private_email"].forEach(c=>{d[c]!==void 0&&(d[c]=!!d[c])}),o&&d.nonce!==o?!1:!!d},async getUserInfo(r){if(!r.idToken)return null;let o=Ut(r.idToken)?.payload;return o?{user:{id:o.sub,name:o.name,email:o.email,emailVerified:o.email_verified==="true",image:o.picture},data:o}:null}}},Pt=async e=>{let t="https://appleid.apple.com",r="/auth/keys",{data:o}=await Tt(`${t}${r}`);if(!o?.keys)throw new xt("BAD_REQUEST",{message:"Keys not found"});let i=o.keys.find(n=>n.kid===e);if(!i)throw new Error(`JWK with kid ${e} not found`);return await Et(i,i.alg)};import{betterFetch as St}from"@better-fetch/fetch";var Ae=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["identify","email"];return e.scope&&i.push(...e.scope),new URL(`https://discord.com/api/oauth2/authorize?scope=${i.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>b({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await St("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(o)return null;if(r.avatar===null){let i=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${i}.png`}else{let i=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${i}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});import{betterFetch as Ot}from"@better-fetch/fetch";var ke=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["email","public_profile"];return e.scope&&i.push(...e.scope),await A({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:i,state:t,redirectURI:o})},validateAuthorizationCode:async({code:t,redirectURI:r})=>b({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){let{data:r,error:o}=await Ot("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return o?null:{user:{id:r.id,name:r.name,email:r.email,image:r.picture.data.url,emailVerified:r.email_verified},data:r}}});import{betterFetch as Re}from"@better-fetch/fetch";var Ue=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"GitHub",createAuthorizationURL({state:r,scopes:o,codeVerifier:i,redirectURI:n}){let s=o||["user:email"];return e.scope&&s.push(...e.scope),A({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:s,state:r,redirectURI:n})},validateAuthorizationCode:async({code:r,redirectURI:o})=>b({code:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:i}=await Re("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(i)return null;let n=!1;if(!o.email){let{data:s,error:a}=await Re("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});a||(o.email=(s.find(d=>d.primary)??s[0])?.email,n=s.find(d=>d.email===o.email)?.verified??!1)}return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:n},data:o}}}};import{parseJWT as It}from"oslo/jwt";import{betterFetch as Lt}from"@better-fetch/fetch";var ve=e=>({id:"google",name:"Google",async createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:i}){if(!e.clientId||!e.clientSecret)throw m.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new B("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new B("codeVerifier is required for Google");let n=r||["email","profile","openid"];e.scope&&n.push(...e.scope);let s=await A({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:n,state:t,codeVerifier:o,redirectURI:i});return e.accessType&&s.searchParams.set("access_type",e.accessType),e.prompt&&s.searchParams.set("prompt",e.prompt),s},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>b({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async verifyIdToken(t,r){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(t,r);let o=`https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=${t}`,{data:i}=await Lt(o);return i?i.aud===e.clientId&&i.iss==="https://accounts.google.com":!1},async getUserInfo(t){if(!t.idToken)return null;let r=It(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});import{betterFetch as Ct}from"@better-fetch/fetch";import{parseJWT as Dt}from"oslo/jwt";var Ee=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(i){let n=i.scopes||["openid","profile","email","User.Read"];return e.scope&&n.push(...e.scope),A({id:"microsoft",options:e,authorizationEndpoint:r,state:i.state,codeVerifier:i.codeVerifier,scopes:n,redirectURI:i.redirectURI})},validateAuthorizationCode({code:i,codeVerifier:n,redirectURI:s}){return b({code:i,codeVerifier:n,redirectURI:e.redirectURI||s,options:e,tokenEndpoint:o})},async getUserInfo(i){if(!i.idToken)return null;let n=Dt(i.idToken)?.payload,s=e.profilePhotoSize||48;return await Ct(`https://graph.microsoft.com/v1.0/me/photos/${s}x${s}/$value`,{headers:{Authorization:`Bearer ${i.accessToken}`},async onResponse(a){if(!(e.disableProfilePhoto||!a.response.ok))try{let c=await a.response.clone().arrayBuffer(),u=Buffer.from(c).toString("base64");n.picture=`data:image/jpeg;base64, ${u}`}catch(d){m.error(d)}}}),{user:{id:n.sub,name:n.name,email:n.email,image:n.picture,emailVerified:!0},data:n}}}};import{betterFetch as Bt}from"@better-fetch/fetch";var _e=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:i}){let n=r||["user-read-email"];return e.scope&&n.push(...e.scope),A({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:n,state:t,codeVerifier:o,redirectURI:i})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>b({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){let{data:r,error:o}=await Bt("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});import"@better-fetch/fetch";import{parseJWT as Vt}from"oslo/jwt";var Te=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["user:read:email","openid"];return e.scope&&i.push(...e.scope),A({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:i,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>b({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let r=t.idToken;if(!r)return m.error("No idToken found in token"),null;let o=Vt(r)?.payload;return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1},data:o}}});import{betterFetch as zt}from"@better-fetch/fetch";var xe=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=t.scopes||["users.read","tweet.read","offline.access"];return e.scope&&r.push(...e.scope),A({id:"twitter",options:e,authorizationEndpoint:"https://x.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>b({code:t,codeVerifier:r,authentication:"basic",redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://api.x.com/2/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await zt("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email||null,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});import{betterFetch as jt}from"@better-fetch/fetch";var Pe=e=>{let t="https://api.dropboxapi.com/oauth2/token";return{id:"dropbox",name:"Dropbox",createAuthorizationURL:async({state:r,scopes:o,codeVerifier:i,redirectURI:n})=>{let s=o||["account_info.read"];return e.scope&&s.push(...e.scope),await A({id:"dropbox",options:e,authorizationEndpoint:"https://www.dropbox.com/oauth2/authorize",scopes:s,state:r,redirectURI:n,codeVerifier:i})},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:i})=>await b({code:r,codeVerifier:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:i}=await jt("https://api.dropboxapi.com/2/users/get_current_account",{method:"POST",headers:{Authorization:`Bearer ${r.accessToken}`}});return i?null:{user:{id:o.account_id,name:o.name?.display_name,email:o.email,emailVerified:o.email_verified||!1,image:o.profile_photo_url},data:o}}}};import{betterFetch as $t}from"@better-fetch/fetch";var Se=e=>{let t="https://www.linkedin.com/oauth/v2/authorization",r="https://www.linkedin.com/oauth/v2/accessToken";return{id:"linkedin",name:"Linkedin",createAuthorizationURL:async({state:o,scopes:i,redirectURI:n})=>{let s=i||["profile","email","openid"];return e.scope&&s.push(...e.scope),await A({id:"linkedin",options:e,authorizationEndpoint:t,scopes:s,state:o,redirectURI:n})},validateAuthorizationCode:async({code:o,redirectURI:i})=>await b({code:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:r}),async getUserInfo(o){let{data:i,error:n}=await $t("https://api.linkedin.com/v2/userinfo",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken}`}});return n?null:{user:{id:i.sub,name:i.name,email:i.email,emailVerified:i.email_verified||!1,image:i.picture},data:i}}}};import{betterFetch as qt}from"@better-fetch/fetch";var oe=(e="")=>e.split("://").map(t=>t.replace(/\/{2,}/g,"/")).join("://"),Nt=e=>{let t=e||"https://gitlab.com";return{authorizationEndpoint:oe(`${t}/oauth/authorize`),tokenEndpoint:oe(`${t}/oauth/token`),userinfoEndpoint:oe(`${t}/api/v4/user`)}},Oe=e=>{let{authorizationEndpoint:t,tokenEndpoint:r,userinfoEndpoint:o}=Nt(e.issuer),i="gitlab";return{id:i,name:"Gitlab",createAuthorizationURL:async({state:s,scopes:a,codeVerifier:d,redirectURI:c})=>{let u=a||["read_user"];return e.scope&&u.push(...e.scope),await A({id:i,options:e,authorizationEndpoint:t,scopes:u,state:s,redirectURI:c,codeVerifier:d})},validateAuthorizationCode:async({code:s,redirectURI:a,codeVerifier:d})=>b({code:s,redirectURI:e.redirectURI||a,options:e,codeVerifier:d,tokenEndpoint:r}),async getUserInfo(s){let{data:a,error:d}=await qt(o,{headers:{authorization:`Bearer ${s.accessToken}`}});return d||a.state!=="active"||a.locked?null:{user:{id:a.id.toString(),name:a.name??a.username,email:a.email,image:a.avatar_url,emailVerified:!0},data:a}}}};var Ft={apple:ye,discord:Ae,facebook:ke,github:Ue,microsoft:Ee,google:ve,spotify:_e,twitch:Te,twitter:xe,dropbox:Pe,linkedin:Se,gitlab:Oe},J=Object.keys(Ft);import{TimeSpan as Ht}from"oslo";import{createJWT as Mt,validateJWT as Gt}from"oslo/jwt";import{z as P}from"zod";import{APIError as j}from"better-call";import{APIError as z}from"better-call";import{z as F}from"zod";function Ie(e){try{return JSON.parse(e)}catch{return null}}var ie=()=>p("/get-session",{method:"GET",query:F.optional(F.object({disableCookieCache:F.boolean().optional()})),requireHeaders:!0},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null);let r=e.getCookie(e.context.authCookies.sessionData.name),o=r?Ie(Buffer.from(r,"base64").toString()):null;if(o&&!await Z.verify({value:JSON.stringify(o.session),signature:o?.signature,secret:e.context.secret}))return D(e),e.json(null);let i=await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret);if(o?.session&&e.context.options.session?.cookieCache?.enabled&&!e.query?.disableCookieCache){let u=o.session;if(o.expiresAt<Date.now()||u.session.expiresAt<new Date){let g=e.context.authCookies.sessionData.name;e.setCookie(g,"",{maxAge:0})}else return e.json(u)}let n=await e.context.internalAdapter.findSession(t);if(!n||n.session.expiresAt<new Date)return D(e),n&&await e.context.internalAdapter.deleteSession(n.session.id),e.json(null);if(i)return e.json(n);let s=e.context.sessionConfig.expiresIn,a=e.context.sessionConfig.updateAge;if(n.session.expiresAt.valueOf()-s*1e3+a*1e3<=Date.now()){let u=await e.context.internalAdapter.updateSession(n.session.id,{expiresAt:C(e.context.sessionConfig.expiresIn,"sec")});if(!u)return D(e),e.json(null,{status:401});let f=(u.expiresAt.valueOf()-Date.now())/1e3;return await T(e,{session:u,user:n.user},!1,{maxAge:f}),e.json({session:u,user:n.user})}return e.json(n)}catch(t){throw e.context.logger.error(t),new z("INTERNAL_SERVER_ERROR",{message:"internal server error"})}}),W=async e=>await ie()({...e,_flag:"json",headers:e.headers}),x=M(async e=>{let t=await W(e);if(!t?.session)throw new z("UNAUTHORIZED");return{session:t}}),Le=()=>p("/list-sessions",{method:"GET",use:[x],requireHeaders:!0},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(o=>o.expiresAt>new Date);return e.json(r)}),Ce=p("/revoke-session",{method:"POST",body:F.object({id:F.string()}),use:[x],requireHeaders:!0},async e=>{let t=e.body.id,r=await e.context.internalAdapter.findSession(t);if(!r)throw new z("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new z("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(o){throw e.context.logger.error(o),new z("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),De=p("/revoke-sessions",{method:"POST",use:[x],requireHeaders:!0},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t),new z("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),Be=p("/revoke-other-sessions",{method:"POST",requireHeaders:!0,use:[x]},async e=>{let t=e.context.session;if(!t.user)throw new z("UNAUTHORIZED");let i=(await e.context.internalAdapter.listSessions(t.user.id)).filter(n=>n.expiresAt>new Date).filter(n=>n.id!==e.context.session.session.id);return await Promise.all(i.map(n=>e.context.internalAdapter.deleteSession(n.id))),e.json({status:!0})});async function O(e,t,r){return await Mt("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new Ht(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}var Ve=p("/send-verification-email",{method:"POST",query:P.object({currentURL:P.string().optional()}).optional(),body:P.object({email:P.string().email(),callbackURL:P.string().optional()})},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new j("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new j("BAD_REQUEST",{message:"User not found"});let o=await O(e.context.secret,t),i=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail({user:r.user,url:i,token:o},e.request),e.json({status:!0})}),ze=p("/verify-email",{method:"GET",query:P.object({token:P.string(),callbackURL:P.string().optional()})},async e=>{let{token:t}=e.query,r;try{r=await Gt("HS256",Buffer.from(e.context.secret),t)}catch(s){throw e.context.logger.error("Failed to verify email",s),new j("BAD_REQUEST",{message:"Invalid token"})}let i=P.object({email:P.string().email(),updateTo:P.string().optional()}).parse(r.payload),n=await e.context.internalAdapter.findUserByEmail(i.email);if(!n)throw new j("BAD_REQUEST",{message:"User not found"});if(i.updateTo){let s=await W(e);if(!s)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new j("UNAUTHORIZED",{message:"Session not found"});if(s.user.email!==i.email)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new j("UNAUTHORIZED",{message:"Invalid session"});let a=await e.context.internalAdapter.updateUserByEmail(i.email,{email:i.updateTo});if(await e.context.options.emailVerification?.sendVerificationEmail?.({user:a,url:`${e.context.baseURL}/verify-email?token=${t}`,token:t},e.request),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:a,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(i.email,{emailVerified:!0}),e.context.options.emailVerification?.autoSignInAfterVerification&&!await W(e)){let a=await e.context.internalAdapter.createSession(n.user.id,e.request);if(!a)throw new j("INTERNAL_SERVER_ERROR",{message:"Failed to create session"});await T(e,{session:a,user:n.user})}if(e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});async function K(e,{userInfo:t,account:r,callbackURL:o}){let i=await e.context.internalAdapter.findUserByEmail(t.email.toLowerCase(),{includeAccounts:!0}).catch(a=>{throw m.error(`Better auth was unable to query your database.
4
+ Error: `,a),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),n=i?.user;if(i){let a=i.accounts.find(d=>d.providerId===r.providerId);if(a)await e.context.internalAdapter.updateAccount(a.id,{accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,expiresAt:r.expiresAt});else{if(!e.context.options.account?.accountLinking?.trustedProviders?.includes(r.providerId)&&!t.emailVerified||e.context.options.account?.accountLinking?.enabled===!1)return ue&&m.warn(`User already exist but account isn't linked to ${r.providerId}. To read more about how account linking works in Better Auth see https://www.better-auth.com/docs/concepts/users-accounts#account-linking.`),{error:"account not linked",data:null};try{await e.context.internalAdapter.linkAccount({providerId:r.providerId,accountId:t.id.toString(),id:e.context.uuid(),userId:i.user.id,accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,expiresAt:r.expiresAt})}catch(u){return m.error("Unable to link account",u),{error:"unable to link account",data:null}}}}else try{let a=t.emailVerified||!1;if(n=await e.context.internalAdapter.createOAuthUser({...t,id:e.context.uuid(),emailVerified:a,email:t.email.toLowerCase()},{accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,expiresAt:r.expiresAt,providerId:r.providerId,accountId:t.id.toString()}).then(d=>d?.user),!a&&n&&e.context.options.emailVerification?.sendOnSignUp){let d=await O(e.context.secret,n.email),c=`${e.context.baseURL}/verify-email?token=${d}&callbackURL=${o}`;await e.context.options.emailVerification?.sendVerificationEmail?.({user:n,url:c,token:d},e.request)}}catch(a){return m.error("Unable to create user",a),{error:"unable to create user",data:null}}if(!n)return{error:"unable to create user",data:null};let s=await e.context.internalAdapter.createSession(n.id,e.request);return s?{data:{session:s,user:n},error:null}:{error:"unable to create session",data:null}}var je=p("/sign-in/social",{method:"POST",query:U.object({currentURL:U.string().optional()}).optional(),body:U.object({callbackURL:U.string().optional(),provider:U.enum(J),idToken:U.optional(U.object({token:U.string(),nonce:U.string().optional(),accessToken:U.string().optional(),refreshToken:U.string().optional(),expiresAt:U.number().optional()}))})},async e=>{let t=e.context.socialProviders.find(n=>n.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new E("NOT_FOUND",{message:"Provider not found"});if(e.body.idToken){if(!t.verifyIdToken)throw e.context.logger.error("Provider does not support id token verification",{provider:e.body.provider}),new E("NOT_FOUND",{message:"Provider does not support id token verification"});let{token:n,nonce:s}=e.body.idToken;if(!await t.verifyIdToken(n,s))throw e.context.logger.error("Invalid id token",{provider:e.body.provider}),new E("UNAUTHORIZED",{message:"Invalid id token"});let d=await t.getUserInfo({idToken:n,accessToken:e.body.idToken.accessToken,refreshToken:e.body.idToken.refreshToken});if(!d||!d?.user)throw e.context.logger.error("Failed to get user info",{provider:e.body.provider}),new E("UNAUTHORIZED",{message:"Failed to get user info"});if(!d.user.email)throw e.context.logger.error("User email not found",{provider:e.body.provider}),new E("UNAUTHORIZED",{message:"User email not found"});let c=await K(e,{userInfo:{email:d.user.email,id:d.user.id,name:d.user.name||"",image:d.user.image,emailVerified:d.user.emailVerified||!1},account:{providerId:t.id,accountId:d.user.id,accessToken:e.body.idToken.accessToken}});if(c.error)throw new E("UNAUTHORIZED",{message:c.error});return await T(e,c.data),e.json({session:c.data.session,user:c.data.user,url:`${e.body.callbackURL||e.query?.currentURL||e.context.options.baseURL}`,redirect:!0})}let{codeVerifier:r,state:o}=await Q(e),i=await t.createAuthorizationURL({state:o,codeVerifier:r,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:i.toString(),redirect:!0})}),$e=p("/sign-in/email",{method:"POST",body:U.object({email:U.string(),password:U.string(),callbackURL:U.string().optional(),rememberMe:U.boolean().default(!1).optional()})},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new E("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!U.string().email().safeParse(t).success)throw new E("BAD_REQUEST",{message:"Invalid email"});let i=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!i)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new E("UNAUTHORIZED",{message:"Invalid email or password"});let n=i.accounts.find(c=>c.providerId==="credential");if(!n)throw e.context.logger.error("Credential account not found",{email:t}),new E("UNAUTHORIZED",{message:"Invalid email or password"});let s=n?.password;if(!s)throw e.context.logger.error("Password not found",{email:t}),new E("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(s,r))throw e.context.logger.error("Invalid password"),new E("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!i.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw m.error("Email verification is required but no email verification handler is provided"),new E("INTERNAL_SERVER_ERROR",{message:"Email is not verified."});let c=await O(e.context.secret,i.user.email),u=`${e.context.baseURL}/verify-email?token=${c}`;throw await e.context.options.emailVerification.sendVerificationEmail({user:i.user,url:u,token:c},e.request),e.context.logger.error("Email not verified",{email:t}),new E("FORBIDDEN",{message:"Email is not verified. Check your email for a verification link"})}let d=await e.context.internalAdapter.createSession(i.user.id,e.headers,e.body.rememberMe===!1);if(!d)throw e.context.logger.error("Failed to create session"),new E("UNAUTHORIZED",{message:"Failed to create session"});return await T(e,{session:d,user:i.user},e.body.rememberMe===!1),e.json({user:i.user,session:d,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});import{z as X}from"zod";import{z as h}from"zod";var wn=h.object({id:h.string(),providerId:h.string(),accountId:h.string(),userId:h.string(),accessToken:h.string().nullish(),refreshToken:h.string().nullish(),idToken:h.string().nullish(),expiresAt:h.date().nullish(),password:h.string().nullish()}),bn=h.object({id:h.string(),email:h.string().transform(e=>e.toLowerCase()),emailVerified:h.boolean().default(!1),name:h.string(),image:h.string().nullish(),createdAt:h.date().default(new Date),updatedAt:h.date().default(new Date)}),yn=h.object({id:h.string(),userId:h.string(),expiresAt:h.date(),ipAddress:h.string().nullish(),userAgent:h.string().nullish()}),An=h.object({id:h.string(),value:h.string(),expiresAt:h.date(),identifier:h.string()});function Qt(e,t){let r={...t==="user"?e.user?.additionalFields:{},...t==="session"?e.session?.additionalFields:{}};for(let o of e.plugins||[])o.schema&&o.schema[t]&&(r={...r,...o.schema[t].fields});return r}function Zt(e,t){let r=t.action||"create",o=t.fields,i={};for(let n in o){if(n in e){if(o[n].input===!1){if(o[n].defaultValue){i[n]=o[n].defaultValue;continue}continue}i[n]=e[n];continue}if(o[n].defaultValue&&r==="create"){i[n]=o[n].defaultValue;continue}}return i}function Y(e,t,r){let o=Qt(e,"user");return Zt(t||{},{fields:o,action:r})}var qe=p("/callback/:id",{method:["GET","POST"],query:X.object({state:X.string(),code:X.string().optional(),error:X.string().optional()}),metadata:$},async e=>{if(!e.query.code)throw e.redirect(`${e.context.baseURL}/error?error=${e.query.error||"no_code"}`);let t=e.context.socialProviders.find(w=>w.id===e.params.id);if(!t)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let{codeVerifier:r,callbackURL:o,link:i,errorURL:n}=await fe(e),s;try{s=await t.validateAuthorizationCode({code:e.query.code,codeVerifier:r,redirectURI:`${e.context.baseURL}/callback/${t.id}`})}catch(w){throw e.context.logger.error(w),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let a=await t.getUserInfo(s).then(w=>w?.user),c={id:de(),...a};function u(w){let y=n||o||`${e.context.baseURL}/error`;throw y.includes("?")?y=`${y}&error=${w}`:y=`${y}?error=${w}`,e.redirect(y)}if(!a)return m.error("Unable to get user info"),u("unable_to_get_user_info");if(!c.email)return e.context.logger.error("Provider did not return email. This could be due to misconfiguration in the provider settings."),u("email_not_found");if(!o)throw m.error("No callback URL found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(i){if(i.email!==c.email.toLowerCase())return u("email_doesn't_match");if(!await e.context.internalAdapter.createAccount({userId:i.userId,providerId:t.id,accountId:a.id}))return u("unable_to_link_account");let y;try{y=new URL(o).toString()}catch{y=o}throw e.redirect(y)}let f=await K(e,{userInfo:{email:c.email,id:c.id,name:c.name||"",image:c.image,emailVerified:c.emailVerified||!1},account:{providerId:t.id,accountId:a.id,accessToken:s.accessToken,refreshToken:s.refreshToken,expiresAt:s.accessTokenExpiresAt},callbackURL:o});if(f.error)return u(f.error.split(" ").join("_"));let{session:g,user:l}=f.data;await T(e,{session:g,user:l});let k;try{k=new URL(o).toString()}catch{k=o}throw e.redirect(k)});import"zod";import{APIError as Jt}from"better-call";var Ne=p("/sign-out",{method:"POST",requireHeaders:!0},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw new Jt("BAD_REQUEST",{message:"Session not found"});return await e.context.internalAdapter.deleteSession(t),D(e),e.json({success:!0})});import{z as S}from"zod";import{APIError as ee}from"better-call";function Fe(e,t,r){let o=t?new URL(t,e.baseURL):new URL(`${e.baseURL}/error`);return r&&Object.entries(r).forEach(([i,n])=>o.searchParams.set(i,n)),o.href}function Wt(e,t,r){let o=new URL(t,e.baseURL);return r&&Object.entries(r).forEach(([i,n])=>o.searchParams.set(i,n)),o.href}var He=p("/forget-password",{method:"POST",body:S.object({email:S.string().email(),redirectTo:S.string()})},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new ee("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,o=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!o)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let i=60*60*1,n=new Date(Date.now()+1e3*(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||i)),s=e.context.uuid();await e.context.internalAdapter.createVerificationValue({value:o.user.id,identifier:`reset-password:${s}`,expiresAt:n});let a=`${e.context.baseURL}/reset-password/${s}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword({user:o.user,url:a},e.request),e.json({status:!0})}),Me=p("/reset-password/:token",{method:"GET",query:S.object({callbackURL:S.string()})},async e=>{let{token:t}=e.params,{callbackURL:r}=e.query;if(!t||!r)throw e.redirect(Fe(e.context,r,{error:"INVALID_TOKEN"}));let o=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!o||o.expiresAt<new Date?e.redirect(Fe(e.context,r,{error:"INVALID_TOKEN"})):e.redirect(Wt(e.context,r,{token:t}))}),Ge=p("/reset-password",{query:S.optional(S.object({token:S.string().optional(),currentURL:S.string().optional()})),method:"POST",body:S.object({newPassword:S.string()})},async e=>{let t=e.query?.token||(e.query?.currentURL?new URL(e.query.currentURL).searchParams.get("token"):"");if(!t)throw new ee("BAD_REQUEST",{message:"Token not found"});let{newPassword:r}=e.body,o=`reset-password:${t}`,i=await e.context.internalAdapter.findVerificationValue(o);if(!i||i.expiresAt<new Date)throw new ee("BAD_REQUEST",{message:"Invalid token"});await e.context.internalAdapter.deleteVerificationValue(i.id);let n=i.value,s=await e.context.password.hash(r);if(!(await e.context.internalAdapter.findAccounts(n)).find(u=>u.providerId==="credential"))return await e.context.internalAdapter.createAccount({userId:n,providerId:"credential",password:s,accountId:e.context.uuid()}),e.json({status:!0});if(!await e.context.internalAdapter.updatePassword(n,s))throw new ee("BAD_REQUEST",{message:"Failed to update password"});return e.json({status:!0})});import{z as v}from"zod";import{APIError as _}from"better-call";var Qe=()=>p("/update-user",{method:"POST",body:v.record(v.string(),v.any()),use:[x]},async e=>{let t=e.body;if(t.email)throw new _("BAD_REQUEST",{message:"You can't update email"});let{name:r,image:o,...i}=t,n=e.context.session;if(!o&&!r&&Object.keys(i).length===0)return e.json({user:n.user});let s=Y(e.context.options,i,"update"),a=await e.context.internalAdapter.updateUserByEmail(n.user.email,{name:r,image:o,...s});return await T(e,{session:n.session,user:a}),e.json({user:a})}),Ze=p("/change-password",{method:"POST",body:v.object({newPassword:v.string(),currentPassword:v.string(),revokeOtherSessions:v.boolean().optional()}),use:[x]},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:o}=e.body,i=e.context.session,n=e.context.password.config.minPasswordLength;if(t.length<n)throw e.context.logger.error("Password is too short"),new _("BAD_REQUEST",{message:"Password is too short"});let s=e.context.password.config.maxPasswordLength;if(t.length>s)throw e.context.logger.error("Password is too long"),new _("BAD_REQUEST",{message:"Password too long"});let d=(await e.context.internalAdapter.findAccounts(i.user.id)).find(f=>f.providerId==="credential"&&f.password);if(!d||!d.password)throw new _("BAD_REQUEST",{message:"User does not have a password"});let c=await e.context.password.hash(t);if(!await e.context.password.verify(d.password,r))throw new _("BAD_REQUEST",{message:"Incorrect password"});if(await e.context.internalAdapter.updateAccount(d.id,{password:c}),o){await e.context.internalAdapter.deleteSessions(i.user.id);let f=await e.context.internalAdapter.createSession(i.user.id,e.headers);if(!f)throw new _("INTERNAL_SERVER_ERROR",{message:"Unable to create session"});await T(e,{session:f,user:i.user})}return e.json(i.user)}),Je=p("/set-password",{method:"POST",body:v.object({newPassword:v.string()}),metadata:{SERVER_ONLY:!0},use:[x]},async e=>{let{newPassword:t}=e.body,r=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)throw e.context.logger.error("Password is too short"),new _("BAD_REQUEST",{message:"Password is too short"});let i=e.context.password.config.maxPasswordLength;if(t.length>i)throw e.context.logger.error("Password is too long"),new _("BAD_REQUEST",{message:"Password too long"});let s=(await e.context.internalAdapter.findAccounts(r.user.id)).find(d=>d.providerId==="credential"&&d.password),a=await e.context.password.hash(t);if(!s)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:a}),e.json(r.user);throw new _("BAD_REQUEST",{message:"user already has a password"})}),We=p("/delete-user",{method:"POST",body:v.object({password:v.string()}),use:[x]},async e=>{let{password:t}=e.body,r=e.context.session,i=(await e.context.internalAdapter.findAccounts(r.user.id)).find(s=>s.providerId==="credential"&&s.password);if(!i||!i.password)throw new _("BAD_REQUEST",{message:"User does not have a password"});if(!await e.context.password.verify(i.password,t))throw new _("BAD_REQUEST",{message:"Incorrect password"});return await e.context.internalAdapter.deleteUser(r.user.id),await e.context.internalAdapter.deleteSessions(r.user.id),D(e),e.json(null)}),Ke=p("/change-email",{method:"POST",query:v.object({currentURL:v.string().optional()}).optional(),body:v.object({newEmail:v.string().email(),callbackURL:v.string().optional()}),use:[x]},async e=>{if(!e.context.options.user?.changeEmail?.enabled)throw e.context.logger.error("Change email is disabled."),new _("BAD_REQUEST",{message:"Change email is disabled"});if(e.body.newEmail===e.context.session.user.email)throw e.context.logger.error("Email is the same"),new _("BAD_REQUEST",{message:"Email is the same"});if(await e.context.internalAdapter.findUserByEmail(e.body.newEmail))throw e.context.logger.error("Email already exists"),new _("BAD_REQUEST",{message:"Couldn't update your email"});if(e.context.session.user.emailVerified!==!0){let i=await e.context.internalAdapter.updateUserByEmail(e.context.session.user.email,{email:e.body.newEmail});return e.json({user:i,status:!0})}if(!e.context.options.user.changeEmail.sendChangeEmailVerification)throw e.context.logger.error("Verification email isn't enabled."),new _("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await O(e.context.secret,e.context.session.user.email,e.body.newEmail),o=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.user.changeEmail.sendChangeEmailVerification({user:e.context.session.user,newEmail:e.body.newEmail,url:o,token:r},e.request),e.json({user:null,status:!0})});var Kt=(e="Unknown")=>`<!DOCTYPE html>
5
5
  <html lang="en">
6
6
  <head>
7
7
  <meta charset="UTF-8">
@@ -81,4 +81,4 @@ Error: `,a),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)
81
81
  <div class="error-code">Error Code: <span id="errorCode">${e}</span></div>
82
82
  </div>
83
83
  </body>
84
- </html>`,Ke=p("/error",{method:"GET",metadata:z},async e=>{let t=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(Kt(t),{headers:{"Content-Type":"text/html"}})});var Ye=p("/ok",{method:"GET",metadata:z},async e=>e.json({ok:!0}));import{z as q}from"zod";import{APIError as I}from"better-call";var Xe=()=>p("/sign-up/email",{method:"POST",query:q.object({currentURL:q.string().optional()}).optional(),body:q.record(q.string(),q.any())},async e=>{if(!e.context.options.emailAndPassword?.enabled)throw new I("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let t=e.body,{name:r,email:o,password:i,image:n,callbackURL:s,...a}=t;if(!q.string().email().safeParse(o).success)throw new I("BAD_REQUEST",{message:"Invalid email"});let c=e.context.password.config.minPasswordLength;if(i.length<c)throw e.context.logger.error("Password is too short"),new I("BAD_REQUEST",{message:"Password is too short"});let u=e.context.password.config.maxPasswordLength;if(i.length>u)throw e.context.logger.error("Password is too long"),new I("BAD_REQUEST",{message:"Password is too long"});if((await e.context.internalAdapter.findUserByEmail(o))?.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${o}`),new I("UNPROCESSABLE_ENTITY",{message:"User with this email already exists"});let g=K(e.context.options,a),l;try{if(l=await e.context.internalAdapter.createUser({email:o.toLowerCase(),name:r,image:n,...g,emailVerified:!1}),!l)throw new I("BAD_REQUEST",{message:"Failed to create user"})}catch(y){throw m.error("Failed to create user",y),new I("UNPROCESSABLE_ENTITY",{message:"Failed to create user",details:y})}if(!l)throw new I("UNPROCESSABLE_ENTITY",{message:"Failed to create user"});let k=await e.context.password.hash(i);if(await e.context.internalAdapter.linkAccount({userId:l.id,providerId:"credential",accountId:l.id,password:k,expiresAt:C(60*60*24*30,"sec")}),e.context.options.emailVerification?.sendOnSignUp){let y=await S(e.context.secret,l.email),R=`${e.context.baseURL}/verify-email?token=${y}&callbackURL=${t.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification?.sendVerificationEmail?.({user:l,url:R,token:y},e.request)}if(!e.context.options.emailAndPassword.autoSignIn||e.context.options.emailAndPassword.requireEmailVerification)return e.json({user:l,session:null},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:l,session:null}});let w=await e.context.internalAdapter.createSession(l.id,e.request);if(!w)throw new I("BAD_REQUEST",{message:"Failed to create session"});return await T(e,{session:w,user:l}),e.json({user:l,session:w})});import{z as H}from"zod";import{APIError as et}from"better-call";var tt=p("/list-accounts",{method:"GET",use:[_]},async e=>{let t=e.context.session,r=await e.context.internalAdapter.findAccounts(t.user.id);return e.json(r.map(o=>({id:o.id,provider:o.providerId})))}),rt=p("/link-social",{method:"POST",requireHeaders:!0,query:H.object({currentURL:H.string().optional()}).optional(),body:H.object({callbackURL:H.string().optional(),provider:H.enum(J)}),use:[_]},async e=>{let t=e.context.session;if((await e.context.internalAdapter.findAccounts(t.user.id)).find(a=>a.providerId===e.body.provider))throw new et("BAD_REQUEST",{message:"Social Account is already linked."});let i=e.context.socialProviders.find(a=>a.id===e.body.provider);if(!i)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new et("NOT_FOUND",{message:"Provider not found"});let n=await Q(e,{userId:t.user.id,email:t.user.email}),s=await i.createAuthorizationURL({state:n.state,codeVerifier:n.codeVerifier,redirectURI:`${e.context.baseURL}/callback/${i.id}`});return e.json({url:s.toString(),redirect:!0})});function ot(e,t){if(t.advanced?.ipAddress?.disableIpTracking)return null;let r="127.0.0.1";if(ue)return r;let i=t.advanced?.ipAddress?.ipAddressHeaders||["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"],n=e instanceof Request?e.headers:e;for(let s of i){let a=n.get(s);if(typeof a=="string"){let d=a.split(",")[0].trim();if(d)return d}}return null}function Yt(e,t,r){let o=Date.now(),i=t*1e3;return o-r.lastRequest<i&&r.count>=e}function Xt(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function er(e,t){let r=Date.now(),o=t*1e3;return Math.ceil((e+o-r)/1e3)}function tr(e,t){let r=t??"rateLimit",o=e.adapter;return{get:async i=>await o.findOne({model:r,where:[{field:"key",value:i}]}),set:async(i,n,s)=>{try{s?await o.update({model:t??"rateLimit",where:[{field:"key",value:i}],update:{count:n.count,lastRequest:n.lastRequest}}):await o.create({model:t??"rateLimit",data:{key:i,count:n.count,lastRequest:n.lastRequest}})}catch(a){m.error("Error setting rate limit",a)}}}}var it=new Map;function rr(e){return e.rateLimit.storage==="secondary-storage"?{get:async r=>{let o=await e.options.secondaryStorage?.get(r);return o?JSON.parse(o):void 0},set:async(r,o)=>{await e.options.secondaryStorage?.set?.(r,JSON.stringify(o))}}:e.rateLimit.storage==="memory"?{async get(r){return it.get(r)},async set(r,o,i){it.set(r,o)}}:tr(e,e.rateLimit.tableName)}async function nt(e,t){if(!t.rateLimit.enabled)return;let r=t.baseURL,o=e.url.replace(r,""),i=t.rateLimit.window,n=t.rateLimit.max,s=ot(e,t.options)+o,d=or().find(g=>g.pathMatcher(o));d&&(i=d.window,n=d.max);for(let g of t.options.plugins||[])if(g.rateLimit){let l=g.rateLimit.find(k=>k.pathMatcher(o));if(l){i=l.window,n=l.max;break}}if(t.rateLimit.customRules){let g=t.rateLimit.customRules[o];g&&(i=g.window,n=g.max)}let c=rr(t),u=await c.get(s),f=Date.now();if(!u)await c.set(s,{key:s,count:1,lastRequest:f});else{let g=f-u.lastRequest;if(Yt(n,i,u)){let l=er(u.lastRequest,i);return Xt(l)}else g>i*1e3?await c.set(s,{...u,count:1,lastRequest:f}):await c.set(s,{...u,count:u.count+1,lastRequest:f})}}function or(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")||t.startsWith("/change-password")||t.startsWith("/change-email")},window:10,max:3}]}import{APIError as oa}from"better-call";function sr(e,t){let r=t.plugins?.reduce((a,d)=>({...a,...d.endpoints}),{}),o=t.plugins?.map(a=>a.middlewares?.map(d=>{let c=async u=>d.middleware({...u,context:{...e,...u.context}});return c.path=d.path,c.options=d.middleware.options,c.headers=d.middleware.headers,{path:d.path,middleware:c}})).filter(a=>a!==void 0).flat()||[],n={...{signInSocial:ze,callbackOAuth:$e,getSession:oe(),signOut:qe,signUpEmail:Xe(),signInEmail:je,forgetPassword:Fe,resetPassword:Me,verifyEmail:Ve,sendVerificationEmail:De,changeEmail:We,changePassword:Qe,setPassword:Ze,updateUser:Ge(),deleteUser:Je,forgetPasswordCallback:He,listSessions:Ie(),revokeSession:Le,revokeSessions:Ce,revokeOtherSessions:Be,linkSocialAccount:rt,listUserAccounts:tt},...r,ok:Ye,error:Ke},s={};for(let[a,d]of Object.entries(n))s[a]=async(c={})=>{let u=await e;for(let l of t.plugins||[])if(l.hooks?.before)for(let k of l.hooks.before){let w={...d,...c,context:{...u,...c?.context}};if(k.matcher(w)){let R=await k.handler(w);R&&"context"in R&&(c={...R,...c})}}let f;try{f=await d({...c,context:{...u,...c.context}})}catch(l){if(l instanceof st){let k=t.plugins?.map(R=>{if(R.hooks?.after)return R.hooks.after}).filter(R=>R!==void 0).flat();if(!k?.length)throw l;let w=new Response(JSON.stringify(l.body),{status:nr[l.status],headers:l.headers}),y;for(let R of k||[])if(R.matcher(c)){u.returned=w;let at={...d,...c,context:u},ee=await R.handler(at);ee&&"response"in ee&&(y=ee.response)}if(y instanceof Response)return y;throw l}throw l}let g=f;for(let l of t.plugins||[])if(l.hooks?.after)for(let k of l.hooks.after){let w={...c,context:{...u,...c.context,endpoint:d,returned:g}};if(k.matcher(w)){let R=await k.handler(w);R&&"response"in R&&(g=R.response)}}return g},s[a].path=d.path,s[a].method=d.method,s[a].options=d.options,s[a].headers=d.headers;return{api:s,middlewares:o}}var Ks=(e,t)=>{let{api:r,middlewares:o}=sr(e,t),i=new URL(e.baseURL).pathname;return ir(r,{extraContext:e,basePath:i,routerMiddleware:[{path:"/**",middleware:fe},...o],async onRequest(n){for(let s of e.options.plugins||[])if(s.onRequest){let a=await s.onRequest(n,e);if(a&&"response"in a)return a.response}return nt(n,e)},async onResponse(n){for(let s of e.options.plugins||[])if(s.onResponse){let a=await s.onResponse(n,e);if(a)return a.response}return n},onError(n){if(t.onAPIError?.throw)throw n;if(t.onAPIError?.onError){t.onAPIError.onError(n,e);return}let s=t.logger?.verboseLogging?m:void 0;t.logger?.disabled!==!0&&(n instanceof st?(n.status==="INTERNAL_SERVER_ERROR"&&m.error(n),s?.error(n.message)):m?.error(n))}})};export{oa as APIError,$e as callbackOAuth,We as changeEmail,Qe as changePassword,p as createAuthEndpoint,M as createAuthMiddleware,S as createEmailVerificationToken,Je as deleteUser,Ke as error,Fe as forgetPassword,He as forgetPasswordCallback,sr as getEndpoints,oe as getSession,ie as getSessionFromCtx,rt as linkSocialAccount,Ie as listSessions,tt as listUserAccounts,Ye as ok,se as optionsMiddleware,fe as originCheckMiddleware,Me as resetPassword,Be as revokeOtherSessions,Le as revokeSession,Ce as revokeSessions,Ks as router,De as sendVerificationEmail,_ as sessionMiddleware,Ze as setPassword,je as signInEmail,ze as signInSocial,qe as signOut,Xe as signUpEmail,Ge as updateUser,Ve as verifyEmail};
84
+ </html>`,Ye=p("/error",{method:"GET",metadata:$},async e=>{let t=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(Kt(t),{headers:{"Content-Type":"text/html"}})});var Xe=p("/ok",{method:"GET",metadata:$},async e=>e.json({ok:!0}));import{z as q}from"zod";import{APIError as I}from"better-call";var et=()=>p("/sign-up/email",{method:"POST",query:q.object({currentURL:q.string().optional()}).optional(),body:q.record(q.string(),q.any())},async e=>{if(!e.context.options.emailAndPassword?.enabled)throw new I("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let t=e.body,{name:r,email:o,password:i,image:n,callbackURL:s,...a}=t;if(!q.string().email().safeParse(o).success)throw new I("BAD_REQUEST",{message:"Invalid email"});let c=e.context.password.config.minPasswordLength;if(i.length<c)throw e.context.logger.error("Password is too short"),new I("BAD_REQUEST",{message:"Password is too short"});let u=e.context.password.config.maxPasswordLength;if(i.length>u)throw e.context.logger.error("Password is too long"),new I("BAD_REQUEST",{message:"Password is too long"});if((await e.context.internalAdapter.findUserByEmail(o))?.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${o}`),new I("UNPROCESSABLE_ENTITY",{message:"User with this email already exists"});let g=Y(e.context.options,a),l;try{if(l=await e.context.internalAdapter.createUser({email:o.toLowerCase(),name:r,image:n,...g,emailVerified:!1}),!l)throw new I("BAD_REQUEST",{message:"Failed to create user"})}catch(y){throw m.error("Failed to create user",y),new I("UNPROCESSABLE_ENTITY",{message:"Failed to create user",details:y})}if(!l)throw new I("UNPROCESSABLE_ENTITY",{message:"Failed to create user"});let k=await e.context.password.hash(i);if(await e.context.internalAdapter.linkAccount({userId:l.id,providerId:"credential",accountId:l.id,password:k,expiresAt:C(60*60*24*30,"sec")}),e.context.options.emailVerification?.sendOnSignUp){let y=await O(e.context.secret,l.email),R=`${e.context.baseURL}/verify-email?token=${y}&callbackURL=${t.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification?.sendVerificationEmail?.({user:l,url:R,token:y},e.request)}if(!e.context.options.emailAndPassword.autoSignIn||e.context.options.emailAndPassword.requireEmailVerification)return e.json({user:l,session:null},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:l,session:null}});let w=await e.context.internalAdapter.createSession(l.id,e.request);if(!w)throw new I("BAD_REQUEST",{message:"Failed to create session"});return await T(e,{session:w,user:l}),e.json({user:l,session:w})});import{z as H}from"zod";import{APIError as tt}from"better-call";var rt=p("/list-accounts",{method:"GET",use:[x]},async e=>{let t=e.context.session,r=await e.context.internalAdapter.findAccounts(t.user.id);return e.json(r.map(o=>({id:o.id,provider:o.providerId})))}),ot=p("/link-social",{method:"POST",requireHeaders:!0,query:H.object({currentURL:H.string().optional()}).optional(),body:H.object({callbackURL:H.string().optional(),provider:H.enum(J)}),use:[x]},async e=>{let t=e.context.session;if((await e.context.internalAdapter.findAccounts(t.user.id)).find(a=>a.providerId===e.body.provider))throw new tt("BAD_REQUEST",{message:"Social Account is already linked."});let i=e.context.socialProviders.find(a=>a.id===e.body.provider);if(!i)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new tt("NOT_FOUND",{message:"Provider not found"});let n=await Q(e,{userId:t.user.id,email:t.user.email}),s=await i.createAuthorizationURL({state:n.state,codeVerifier:n.codeVerifier,redirectURI:`${e.context.baseURL}/callback/${i.id}`});return e.json({url:s.toString(),redirect:!0})});function it(e,t){if(t.advanced?.ipAddress?.disableIpTracking)return null;let r="127.0.0.1";if(le)return r;let i=t.advanced?.ipAddress?.ipAddressHeaders||["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"],n=e instanceof Request?e.headers:e;for(let s of i){let a=n.get(s);if(typeof a=="string"){let d=a.split(",")[0].trim();if(d)return d}}return null}function Yt(e,t,r){let o=Date.now(),i=t*1e3;return o-r.lastRequest<i&&r.count>=e}function Xt(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function er(e,t){let r=Date.now(),o=t*1e3;return Math.ceil((e+o-r)/1e3)}function tr(e,t){let r=t??"rateLimit",o=e.adapter;return{get:async i=>await o.findOne({model:r,where:[{field:"key",value:i}]}),set:async(i,n,s)=>{try{s?await o.update({model:t??"rateLimit",where:[{field:"key",value:i}],update:{count:n.count,lastRequest:n.lastRequest}}):await o.create({model:t??"rateLimit",data:{key:i,count:n.count,lastRequest:n.lastRequest}})}catch(a){m.error("Error setting rate limit",a)}}}}var nt=new Map;function rr(e){return e.rateLimit.storage==="secondary-storage"?{get:async r=>{let o=await e.options.secondaryStorage?.get(r);return o?JSON.parse(o):void 0},set:async(r,o)=>{await e.options.secondaryStorage?.set?.(r,JSON.stringify(o))}}:e.rateLimit.storage==="memory"?{async get(r){return nt.get(r)},async set(r,o,i){nt.set(r,o)}}:tr(e,e.rateLimit.tableName)}async function st(e,t){if(!t.rateLimit.enabled)return;let r=t.baseURL,o=e.url.replace(r,""),i=t.rateLimit.window,n=t.rateLimit.max,s=it(e,t.options)+o,d=or().find(g=>g.pathMatcher(o));d&&(i=d.window,n=d.max);for(let g of t.options.plugins||[])if(g.rateLimit){let l=g.rateLimit.find(k=>k.pathMatcher(o));if(l){i=l.window,n=l.max;break}}if(t.rateLimit.customRules){let g=t.rateLimit.customRules[o];g&&(i=g.window,n=g.max)}let c=rr(t),u=await c.get(s),f=Date.now();if(!u)await c.set(s,{key:s,count:1,lastRequest:f});else{let g=f-u.lastRequest;if(Yt(n,i,u)){let l=er(u.lastRequest,i);return Xt(l)}else g>i*1e3?await c.set(s,{...u,count:1,lastRequest:f}):await c.set(s,{...u,count:u.count+1,lastRequest:f})}}function or(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")||t.startsWith("/change-password")||t.startsWith("/change-email")},window:10,max:3}]}import{APIError as ia}from"better-call";function sr(e,t){let r=t.plugins?.reduce((a,d)=>({...a,...d.endpoints}),{}),o=t.plugins?.map(a=>a.middlewares?.map(d=>{let c=async u=>d.middleware({...u,context:{...e,...u.context}});return c.path=d.path,c.options=d.middleware.options,c.headers=d.middleware.headers,{path:d.path,middleware:c}})).filter(a=>a!==void 0).flat()||[],n={...{signInSocial:je,callbackOAuth:qe,getSession:ie(),signOut:Ne,signUpEmail:et(),signInEmail:$e,forgetPassword:He,resetPassword:Ge,verifyEmail:ze,sendVerificationEmail:Ve,changeEmail:Ke,changePassword:Ze,setPassword:Je,updateUser:Qe(),deleteUser:We,forgetPasswordCallback:Me,listSessions:Le(),revokeSession:Ce,revokeSessions:De,revokeOtherSessions:Be,linkSocialAccount:ot,listUserAccounts:rt},...r,ok:Xe,error:Ye},s={};for(let[a,d]of Object.entries(n))s[a]=async(c={})=>{let u=await e;for(let l of t.plugins||[])if(l.hooks?.before)for(let k of l.hooks.before){let w={...d,...c,context:{...u,...c?.context}};if(k.matcher(w)){let R=await k.handler(w);R&&"context"in R&&(c={...R,...c})}}let f;try{f=await d({...c,context:{...u,...c.context}})}catch(l){if(l instanceof ne){let k=t.plugins?.map(R=>{if(R.hooks?.after)return R.hooks.after}).filter(R=>R!==void 0).flat();if(!k?.length)throw l;let w=new Response(JSON.stringify(l.body),{status:nr[l.status],headers:l.headers}),y;for(let R of k||[])if(R.matcher(c)){u.returned=w;let at={...d,...c,context:u},te=await R.handler(at);te&&"response"in te&&(y=te.response)}if(y instanceof Response)return y;throw l}throw l}let g=f;for(let l of t.plugins||[])if(l.hooks?.after)for(let k of l.hooks.after){let w={...c,context:{...u,...c.context,endpoint:d,returned:g}};if(k.matcher(w)){let R=await k.handler(w);R&&"response"in R&&(g=R.response)}}return g},s[a].path=d.path,s[a].method=d.method,s[a].options=d.options,s[a].headers=d.headers;return{api:s,middlewares:o}}var Ys=(e,t)=>{let{api:r,middlewares:o}=sr(e,t),i=new URL(e.baseURL).pathname;return ir(r,{extraContext:e,basePath:i,routerMiddleware:[{path:"/**",middleware:ge},...o],async onRequest(n){for(let s of e.options.plugins||[])if(s.onRequest){let a=await s.onRequest(n,e);if(a&&"response"in a)return a.response}return st(n,e)},async onResponse(n){for(let s of e.options.plugins||[])if(s.onResponse){let a=await s.onResponse(n,e);if(a)return a.response}return n},onError(n){if(n instanceof ne&&n.status==="NOT_FOUND")return;if(t.onAPIError?.throw)throw n;if(t.onAPIError?.onError){t.onAPIError.onError(n,e);return}let s=t.logger?.verboseLogging?m:void 0;t.logger?.disabled!==!0&&(n instanceof ne?(n.status==="INTERNAL_SERVER_ERROR"&&m.error(n),s?.error(n.message)):m?.error(n))}})};export{ia as APIError,qe as callbackOAuth,Ke as changeEmail,Ze as changePassword,p as createAuthEndpoint,M as createAuthMiddleware,O as createEmailVerificationToken,We as deleteUser,Ye as error,He as forgetPassword,Me as forgetPasswordCallback,sr as getEndpoints,ie as getSession,W as getSessionFromCtx,ot as linkSocialAccount,Le as listSessions,rt as listUserAccounts,Xe as ok,ae as optionsMiddleware,ge as originCheckMiddleware,Ge as resetPassword,Be as revokeOtherSessions,Ce as revokeSession,De as revokeSessions,Ys as router,Ve as sendVerificationEmail,x as sessionMiddleware,Je as setPassword,$e as signInEmail,je as signInSocial,Ne as signOut,et as signUpEmail,Qe as updateUser,ze as verifyEmail};